Mirai is alive and well – in your modem!

The Mirai malware has been spreading since 2016. It infects modems and other networked devices using a list of default passwords. Have you changed the default passwords of your devices?

Mirai infections on the rise

The total number of Mirai malware infections detected in Finland increased significantly on August 5 and 6, 2017. While the number of daily Mirai detections has stayed well below one hundred throughout the spring and summer, on August 5 and 6 it suddenly jumped above 450. The botnet involved in the attack that impacted major services such as Twitter and Spotify in October 2016 was Mirai-based. The number of infections has since started to decrease, as telecommunications operators have been in contact with the owners of the infected devices, but it looks like the tail of infections is, once again, long.

Botnets have long been a pain in the neck for operators and companies. Botnets are made out of hundreds, thousands or more devices, and they are used for example for sending large volumes of traffic to a victim system typically jamming it. This is called a distributed denial-of-service (DDoS) attack, and your devices may be involved in one.

Typically, botnets make use of networked cameras and home broadband routers, in other words equipment which is plugged into a cable or telephone socket for internet access.

However, a computer, smart TV or almost any other connected device can be made part of a botnet.

Change all your default passwords

Of botnet creating malware, Mirai is one of the most common. The malware scans the internet for devices to infect them. When it finds a device, it attempts to log in using the most common user name and password combinations, such as admin/123456, root/admin, root/system, etc. Unfortunately, this often proves to be a rather successful tactic, as a large number of the new devices people bring home and connect to the internet has one of these well-known passwords.

It is therefore of utmost importance that you always change the default password of your devices. Many devices have several user interfaces and passwords – all of which need to be changed. We recommend that you use complex and unique passwords everywhere and outsource their management to password manager software. If this seems too complicated, make sure at least that you change the default password. Even if you just use the name of your pet or tape your password onto your screen on a piece of paper, you are still protected against these types of attacks.

Botnets are not the only dangers looming on the internet. Ransomware can be slipped onto your computer through security holes and default passwords. One of the nastiest types of malware targeting IoT devices is BrickerBot. It spreads similarly to Mirai, but instead of growing a botnet, it incapacitates devices. The person claiming to be the author of BrickerBot has said that the malware was created to stop Mirai from growing, but if this was true, it would be a highly irresponsibly approach.

Luckily the cure is the same regardless of who the attacker is:

Keep your software up-to-date

Use strong passwords or at the minimum change all default passwords

Shop wisely and securely

As many as 39% of the 25- to 34-year-old respondents to FICORA's consumer survey assumed that any IT equipment sold in the stores were secure and did not look into the security features of the devices they purchased in advance.

The overall respondent average was 29%. Moreover, 14% of the respondents said that they did not pay any attention to the security of their devices, while 7% stated that they were unable to say what role information security played in their device purchases.

Unfortunately, the respondents’ trust in the security of the devices is unfounded. All software contains bugs, some of which can be exploited. By the time a device has been manufactured and delivered to the store, new vulnerabilities have been discovered. Criminals are constantly coming up with new ways of exploiting these vulnerabilities.

Network attack attempts start immediately after a brand new device goes online.

Here, software patches come to the rescue. When buying a new computer, network device, smart phone or other gadgets, make sure you they have easily updatable software for which the manufacturers and software developers promise patches. For updatability information, check the manufacturer's website, use a search engine to find out more, or ask the retailer. With easily or automatically updated software, you make sure your device is updated regularly and whenever need be. However, if the manufacturer does not offer software patches, there is not much a user can do to ensure their device is secure.

Luckily half of Finns look at least a little bit into how secure a device is before they purchase it. In particular when you purchase low-power equipment such as home routers or network storage hardware, make sure that they support secure protocols. Luckily, computer, tablet and smart phone software products are established enough to have operating systems and standard software that support the most common secure protocols.

Does all information security rely on consumer awareness? At the moment, a lot of it does. In Finland, telecommunications operators make sure that the terminal devices they sell to consumers have secure settings. However, users are responsible for password management. Also certain consumer electronics retailers take efforts to ensure that the products they sell are secure, but there are a lot of products on the market with compromised information security.

Awareness of this problem is increasing worldwide, and for example the EU is currently drafting minimum requirements for the information security of IoT equipment. It will probably take years, however, before they take effect on new products. IoT device users are therefore still very much guardians of their own security.

Further information

Safety in using internet-connected devices

US-CERT: Security Tip (ST15-002) Securing Your Home Network

Update history

Key words: Information security , Botnet , Internet of Things (IoT) , Malware , Modem , Network , Network equipment , Password , Information security now!

LinkedIn Print


The Finnish Communications Regulatory Authority (FICORA)

The National Cyber Security Centre Finland (NCSC-FI)

Itämerenkatu 3 A

P.O. Box 313


Media contacts by telephone +358 295 390 248